Utopia Tech
Security · AI-assisted · 1 min read

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Security researchers from Imperva and Varonis have independently demonstrated critical vulnerabilities in OpenClaw, a widely-used self-hosted AI agent, showing it can be manipulated to execute malicious code and expose sensitive information. The attacks exploit the agent's processing of seemingly benign inputs like vCards, shared contacts, and location data, allowing attackers to embed hidden inst

Utopia Tech

June 11, 2026 · 1 min read

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agent executed without the victim ever seeing them. Varonis built a test agent on

Originally published at thehackernews.com
